如何在Django Rest框架中序列化用户权限?
我正在使用Django rest后端和React前端构建一个应用程序,并致力于授权和身份验证。身份验证工作得很好,但在告诉前端用户有权对模型进行添加/编辑/查看/删除时,我有点卡住了。例如,如果用户无法编辑故事,我不想显示“编辑故事”按钮如何在Django Rest框架中序列化用户权限?,django,django-rest-framework,Django,Django Rest Framework,我正在使用Django rest后端和React前端构建一个应用程序,并致力于授权和身份验证。身份验证工作得很好,但在告诉前端用户有权对模型进行添加/编辑/查看/删除时,我有点卡住了。例如,如果用户无法编辑故事,我不想显示“编辑故事”按钮 当通过Django文档工作时,我认为将用户权限从Django后端发送到反应前端是最容易的。因此,我想序列化用户权限 这是我的视图: class UserAPI(generics.RetrieveAPIView): permission_classes =
当通过Django文档工作时,我认为将用户权限从Django后端发送到反应前端是最容易的。因此,我想序列化用户权限
这是我的视图:class UserAPI(generics.RetrieveAPIView):
permission_classes = [
permissions.IsAuthenticated,
]
serializer_class = UserSerializer
def get_permissions(request):
logged_in_user = request.user
return Response(data=logged_in_user.get_all_permissions())
def get_object(self):
return self.request.user
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'user_permissions')
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
image = models.ImageField(default='default.jpg', upload_to='profile_pics/')
def __str__(self):
return f'{self.user.username} Profile'
def save(self, *args, **kwargs):
super(Profile, self).save(*args, **kwargs)
img = Image.open(self.image.path)
if img.height > 300 or img.width > 300:
output_size = (300,300)
img.thumbnail(output_size)
img.save(self.image.path)
这是我的序列化程序:
class UserAPI(generics.RetrieveAPIView):
permission_classes = [
permissions.IsAuthenticated,
]
serializer_class = UserSerializer
def get_permissions(request):
logged_in_user = request.user
return Response(data=logged_in_user.get_all_permissions())
def get_object(self):
return self.request.user
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'user_permissions')
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
image = models.ImageField(default='default.jpg', upload_to='profile_pics/')
def __str__(self):
return f'{self.user.username} Profile'
def save(self, *args, **kwargs):
super(Profile, self).save(*args, **kwargs)
img = Image.open(self.image.path)
if img.height > 300 or img.width > 300:
output_size = (300,300)
img.thumbnail(output_size)
img.save(self.image.path)
用户型号:
class UserAPI(generics.RetrieveAPIView):
permission_classes = [
permissions.IsAuthenticated,
]
serializer_class = UserSerializer
def get_permissions(request):
logged_in_user = request.user
return Response(data=logged_in_user.get_all_permissions())
def get_object(self):
return self.request.user
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'user_permissions')
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
image = models.ImageField(default='default.jpg', upload_to='profile_pics/')
def __str__(self):
return f'{self.user.username} Profile'
def save(self, *args, **kwargs):
super(Profile, self).save(*args, **kwargs)
img = Image.open(self.image.path)
if img.height > 300 or img.width > 300:
output_size = (300,300)
img.thumbnail(output_size)
img.save(self.image.path)
当我调用UserAPI时,字段user\u permissions为空
"user": {
"id": 35,
"username": "HII",
"user_permissions": [
]
}
我想知道我怎么不能通过API访问用户权限。我很高兴得到任何提示和澄清。您可以尝试以下方法-
user_id = request.user.pk
username = request.user.username
permissions = list(request.user.get_all_permissions())
return HttpResponse(
json.dumps(CurrentUser(user_id, username, permissions),
default=lambda obj: obj.__dict__), content_type='application/json')
class CurrentUser:
def __init__(self, user_id, username, permissions):
self.user_id = user_id
self.username = username
self.permissions = permissions
你可以尝试以下方法-
user_id = request.user.pk
username = request.user.username
permissions = list(request.user.get_all_permissions())
return HttpResponse(
json.dumps(CurrentUser(user_id, username, permissions),
default=lambda obj: obj.__dict__), content_type='application/json')
class CurrentUser:
def __init__(self, user_id, username, permissions):
self.user_id = user_id
self.username = username
self.permissions = permissions
当我需要这样的东西时,我通常会序列化方法字段。您可以添加SerializerMethodField,并设置auth user拥有的所有权限
class UserSerializer(serializers.ModelSerializer):
user_permissions = serializers.SerializerMethodField()
class Meta:
model = User
fields = ('id', 'username', 'user_permissions')
def get_user_permissions(self, obj):
return list(obj.user_permissions.all()) # I'm not sure list type casting is necessary
当我需要这样的东西时,我通常会序列化方法字段。您可以添加SerializerMethodField,并设置auth user拥有的所有权限
class UserSerializer(serializers.ModelSerializer):
user_permissions = serializers.SerializerMethodField()
class Meta:
model = User
fields = ('id', 'username', 'user_permissions')
def get_user_permissions(self, obj):
return list(obj.user_permissions.all()) # I'm not sure list type casting is necessary
你也可以发布你的用户模型吗?是的,为了了解我们需要用户模型的情况,你发布的模型不是用户档案。您是在使用Django用户还是在覆盖它?@ArvindKumar我使用Django用户并将其链接到配置文件模型以添加其他字段。@dan_boy这是我的一个错误您也可以发布您的用户模型吗?是的,为了了解我们也需要用户模型的情况,您发布的模型不是配置文件用户。您是使用Django用户还是覆盖它?@ArvindKumar我使用Django用户并将其链接到配置文件模型以添加其他字段。@dan_boy这是我的一个错误谢谢。当更改为“user\u set”时,我发现错误
user\u set`对型号`user
无效。在何处插入您提供的代码?是,在UserAPI中添加给定类CurrentUser的代码。并将CurrentUser类声明为一个单独的类。谢谢。当更改为“user\u set”时,我发现错误user\u set`对型号`user
无效。在何处插入您提供的代码?是,在UserAPI中添加给定类CurrentUser的代码。并将类CurrentUser声明为一个单独的类。